author | HombreLaser <sebastian-440@live.com> | 2023-03-11 12:10:57 -0600 |
committer | HombreLaser <sebastian-440@live.com> | 2023-03-11 12:10:57 -0600 |
commit | 3dae1ce143d006cc75940b746a8eb74982e6e861 (patch) | |
tree | 5bfa59dfd11bbfc9b8ef2a38da067e0c2ca0da42 /app | |
parent | 6b3cc5c3a33643c0e42396142a2d3204ada2bb82 (diff) |
Añade test de scoping
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/api/companies_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/authenticated_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/master_controller.rb | 2 |
3 files changed, 8 insertions, 2 deletions
diff --git a/app/controllers/api/companies_controller.rb b/app/controllers/api/companies_controller.rb
index 9d6cb1c..21744de 100644
--- a/app/controllers/api/companies_controller.rb
+++ b/app/controllers/api/companies_controller.rb
@@ -4,7 +4,7 @@ module Api
 # CompaniesController
 class CompaniesController < MasterController
 skip_before_action :validate_jwt, only: %i[show index]
- skip_before_action :assert_master_role, onlt: %i[show index]
+ skip_before_action :assert_master_role, only: %i[show index]

 def index
 @companies = Company.all
diff --git a/app/controllers/authenticated_controller.rb b/app/controllers/authenticated_controller.rb
index de02cab..56159ab 100644
--- a/app/controllers/authenticated_controller.rb
+++ b/app/controllers/authenticated_controller.rb
@@ -13,6 +13,12 @@ class AuthenticatedController < ApplicationController
 @current_user_account ||= UserAccount.find_by(email:)
 end

+ def current_user_role
+ return if decoded_token.nil?
+
+ decoded_token[0]['aud']
+ end
+
 def authentication_token
 @authentication_token ||= request.headers[:authorization]&.sub(/^Bearer /, '')
 end
diff --git a/app/controllers/master_controller.rb b/app/controllers/master_controller.rb
index b2075d5..38cd441 100644
--- a/app/controllers/master_controller.rb
+++ b/app/controllers/master_controller.rb
@@ -7,7 +7,7 @@ class MasterController < AuthenticatedController
 private

 def assert_master_role
- return if current_user_account.role == 'master'
+ return if current_user_role == 'master'

 render json: { error_message: 'No cuenta con los permisos necesarios' }, status: :forbidden
 end
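Review bot: The misspelled `onlt:` key meant the skip of `assert_master_role` was not scoped at all, so — unless the Rails version in use rejects unknown callback options at load time — the master-role check was absent from every CompaniesController action, not just `show` and `index`, until this one-character fix. That is a larger blast radius than a typo fix suggests, and nothing in this commit guards against it recurring; the scoping test the commit title mentions is outside this diffstat. A request spec that sends a non-master token to an action not listed in `only:` and asserts a 403 would pin the intended behavior. The class body continues outside the hunk.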
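Review bot: `current_user_role` reads the authorization role out of the token's `aud` claim, but in RFC 7519 `aud` names the intended recipient of the token, not the bearer's privileges, so a reader will not expect a role there and any token minted for a different audience under the same key would be interpreted as a role here. If this is the issuer's convention it deserves a comment on the method, e.g. `# The token issuer stores the account role in the 'aud' claim; see the JWT encoding side before changing this.` Whether `decoded_token` verifies the signature, whether it is memoized, and whether index `0` is the payload are all outside the hunk and should be confirmed, as should the method's visibility — `assert_master_role` in master_controller.rb sits under `private`, and this helper presumably should too.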
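Review bot: Switching the master check from `current_user_account.role` to `current_user_role` moves the authorization decision from the database to a claim inside an already-issued token, so demoting or disabling an account no longer takes effect until that token expires — a revocation gap the old code did not have. The nil-safety gain is real (the old line would raise on a missing account where the new one falls through to the 403), but if token lifetimes are not short, keeping both sources agrees with the database immediately: `return if current_user_role == 'master' && current_user_account&.role == 'master'`. Whether `validate_jwt` is guaranteed to run before this callback is not visible in the hunk.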